11 matches found
Malicious Package
Overview: @cloudplatform-single-spa/ml-inference-router is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...
Malicious Package
Overview: solidity-build-guard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
Malicious Package
Overview: data-pipeline-check is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
Cross Site Request Forgery
Prefect is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to insufficient CSRF protection mechanisms, allowing an attacker to steal secrets or potentially gain remote code execution by submitting a crafted request...
GHSA-4HH5-2678-83FX Cross-Site Request Forgery vulnerability in Prefect
An attacker is able to steal secrets and potentially gain remote code execution via CSRF using a self-hosted, open source Prefect API...
Actions expression injection in `filter-test-configs` (`GHSL-2023-181`)
The pytorch/pytorch filter-test-configs workflow is vulnerable to an expression injection in Actions, allowing an attacker to potentially leak secrets and alter the repository using the workflow. Details: The filter-test-configs workflow is using the raw github.event.workflow_run.head_branch value...
Malicious code in developer_backup_test529 (npm)
Source: checkmarx 6f73644ba1b18278f2efd5eded48ae6a21c8477dc4c6e8120676bdb356438687 Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in hideorg-lvl (npm)
Source: checkmarx cadb232e4b479810d217f2adbfed5e8dba555837082c21bb6fc0501c0686c462 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ossf-package-analysis...
Malicious code in cfa-styleguide (npm)
Source: checkmarx 5562a6cb1d5f239216be52c28e8d316e8ffe0f490d11978863202a6fcfcbe8bc Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...
Malicious code in zmsqlite3 (npm)
Source: checkmarx 0c536bdeaf8a35a5a0507e07124cd43448dffc1c837cd5b585df38848bdd5bed Malicious packages campaign since 2021 targeting developers, steals source code and secrets...
Malicious code in prize-market (npm)
Source: checkmarx 1158c7ff397e59bc3ac71f973b0f8011d57ebb50ed376f780513195f5c97f596 Malicious packages campaign since 2021 targeting developers, steals source code and secrets Source: ghsa-malware...